Malware Doctor

Malware Doctor Description

Malware Doctor is a rogue security program that has been around for a while and seems to be making a comeback. If you have Malware Doctor on your computer, remember that Malware Doctor is malicious, and Malware Doctor is not a safe place to provide information about your PC's security.

Symptoms of Malware Doctor

The symptoms of an infection with Malware Doctor are easy to spot. Malware Doctor will regularly show a fake home screen, where Malware Doctor will pretend to run scans of your computer. Malware Doctor will always report that its scans have turned up results, regardless of what is actually going on with your computer, because Malware Doctor is incapable of detecting threats. The interesting thing about Malware Doctor, compared to other fake security programs, is that Malware Doctor reports relatively few threats in Malware Doctor's findings. Most rogue anti-malware applications will return long, ridiculous lists of infections that they claim to find on the victim computer. Malware Doctor, on the other hand, only reports a few infections, which are carefully named and described in order to make them sound more believable. Apparently the crooks behind Malware Doctor decided that subtlety might be more effective in manipulating people into handing over their money.

When Malware Doctor shows its falsified scan results, Malware Doctor tries to make itself look like a McAfee product – or Malware Doctor at least tries to make itself look realistic by taking on characteristics of a McAfee product. The names of the infections that Malware Doctor claims to find always use McAfee's malware naming conventions, and they frequently are the names of real computer viruses. Even the information that Malware Doctor provides about the malware Malware Doctor claims to find comes from McAfee's online threat database. After Malware Doctor provides you with its fake scan results that use McAfee's real malware names and descriptions, Malware Doctor reminds you that you can't remove these "threats," because your copy of Malware Doctor is unregistered. If you follow the prompts to "register" your copy of the software, you wind up at a fake site that promotes Malware Doctor, and which is used as the payment site for the scam. You can enter your credit card information and pay for Malware Doctor, but absolutely nothing will change in the behavior of the malware. Malware Doctor is nothing more than a scam.

Malware Doctor is also known to cause pop-up security warnings to appear on infected computers, but like Malware Doctor's fake scan results, these warnings are toned-down and less crazy than what other rogue anti-virus applications tend to generate in alerts. Malware Doctor's alerts will mention names of real PC threats which Malware Doctor claims to have found, and they will remind you to register the software to remove the threat.

History of Malware Doctor, and How it Infects Computers

Malware Doctor is not a new rogue security program; Malware Doctor first appeared in the summer of 2009. The appearance and symptoms of the malware haven't changed since then. However, Malware Doctor no longer relies on the same malicious sites that Malware Doctor did before. Malware Doctor's fake homepage, malwaredoctor.net, still exists – but it appears to have been hacked. Instead of promoting Malware Doctor, the main page of the site is now a warning about the fact that Malware Doctor is malware. Other portions of the site seem to be unchanged, and still reflect the idea that Malware Doctor was supposed to pass for real anti-malware software. The domain name has been registered using a privacy service, so that the information for the owner of the domain is not publicly available. So that means that the malwaredoctor.net domain is hosted by a pretty major hosting provider, and that begs the question of why the provider hasn't shut down the site by now. Sometime in between summer 2009 and now, the people behind the Malware Doctor scam have abandoned their original site and started using new ones, so Malware Doctor does still have malicious sites that promote Malware Doctor as real software.

Infections with Malware Doctor are the result of a Trojan, and in this case, the responsible Trojan is one called Vundo. The Vundo Trojan tends to be bundled with downloads of video codecs or application updates on malicious sites or hidden in fake "free scan" sites. Once this Trojan finds a way in, it takes care of downloading and setting up Malware Doctor.

Malware Doctor is essentially the same malware as Malware Doc. The only differences between them are in name and superficial appearance, but otherwise, they are part of the same scam. Remember that no matter what Malware Doctor may tell you about your computer or your security, you should not pay for this malware, because Malware Doctor is incapable of actually doing any of the things it says Malware Doctor does.

Technical Information

File System Details

Malware Doctor creates the following file(s):
# File Name Detection Count
1 Malware Doctor.exe N/A

Registry Details

Malware Doctor creates the following registry entry or registry entries:
RegistryKey
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Doctor
HKEY_USERS\Software\Microsoft\Windows\Explorer\MenuOrder\Start Menu2\Programs\Malware Doctor

Related Posts

One Comment